Abstract

Platform-independent and cross-organizational Web services interactions demand for a powerful and flexible access control system. This article presents such a system that relies on the interplay of local and distributed authorization. For the local evaluation of access policies, the verification of policy dependencies is a crucial task, as Web services’ oftentimes rely on the interaction with underlying applications like database systems that perform access control independently. Via distributed authorization, the set-up of collaboration networks is enabled. Thereby, the focus is on loosely coupled networks that preserve the autonomy of authorization of federating organizations. Scalability of collaborations is achieved through a distributed role-based access control model and efficiency is provided by caching repeatedly occurring authorizations.